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In the new-normal era, public services must make various adjustments to 
keep the community safe during the COVID-19 pandemic. The Public 
Service Mall is an initiative to put several public services offices in a 
centralized location. However, it will create a crowd of people who want 
access to public service. This paper evaluates multi-tenant models with the 
rapid adaptation of cloud computing technology for all organizations' shapes 
and sizes, focusing on multi-tenants and multi-services, where each tenant 
might have multiple services to offer. We also proposed a multi-tenant 
architecture that can serve queues in several places to prevent the spread of 
COVID-19 due to the crowd of people in public places. The design of multi- 
tenants and multi-services applications should consider various aspects such 
as security, database, data communication, and user interface. We designed 
and built the "QuAntri" business logic to simplify the process for multi- 
services in each tenant. The developed system is expected to improve 


tenants’ performance and reduce the crowd in the public service. We 
compared our agile method for system development with some of the 
previous multi-tenant architectures. Our experiments showed that our 
method overall is better than the referenced model-view-controller (MVC), 
model-view-presenter (MVP), and model-model-view-presenter (M-MVP). 
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1. INTRODUCTION 

The emergence of the COVID-19 pandemic shocked and significantly impacted the world in almost 
all aspects of life. Almost nothing can escape the impact of this pandemic. The government issued several 
policies to prevent the spread of disease, including by maintaining a social and physical distance. Activities 
that involve large numbers of people should be avoided for the time being, including activities that the 
government gives to the community. The current restrictions reduce the number of queues entering the room, 
and services must follow the recommended safe distance of at least 1 meter. 

The problems that arise in this service are how to handle the queuing system to prevent the crowd, 
how to manage queue arrivals tailored to the type of service provided and how to manage the service process 
so that it is not complicated by implementing the standardization of public services. The emergence of 
various new service procedures that have not been regulated in public service standards during this pandemic 
affects the quality of services provided. However, the community is still entitled to good public services and 
they have a good role in public services carried out by public service providers. Currently, public services in 
Indonesia include online services such as online passports, e-Samsat (vehicle tax), e-billing, online welfare, 
online employment, and online tax ID number (TIN) management. 
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Several works showed that online service implementation could utilize the on-premise infrastructure 
or cloud computing infrastructure. Cloud computing infrastructure can provide software as a service [1], [2] 
where various services software for multiple customers are provided using virtualization [3]. The system was 
intended to share cloud resources and achieve a high level of operational efficiency. The main reason for 
prioritizing efficiency is to get better use of infrastructure resources [4], [5] with a mutual benefit [6], [7] that 
the system uses a single operating system, single database, and optimizes the resources. When one user 
leaves, other users can use the same resource [1], so one application serves many customers, regardless of 
their requirements. However, operational efficiency that needs to be considered is low operational costs. As 
research conducted by [8], [9], the implementation of multi-tenancy in the cloud with not only structured 
query language (NoSQL) data storage allowed more effective resource sharing among tenants, therefore 
lowering the operational costs [10]. Another way to reduce operational costs is by implementing a single 
database on a multi-tenant software-as-a-service (SaaS) model to serve multiple e-commerce such as online 
stores [11] and business support [7]. 

Many efforts have been made to improve customer service using multi-tenancy. The optimization of 
application, server, and database resources is to produce the ideal multi-tenant model. The widely applied 
multi-tenant model is focused on the concept of SaaS [1], [9], [11], [12], the design and implementation of 
multi-tenant database schemas, such as private tables, extension tables, universal tables, distributed databases 
and database replication [12]-[14], virtual machines [3], network security [10], [15], multi-tenant monitoring 
[6], [16], e-commerce [1], [11], [17], and Blockchain-based services [2], [18]. 

Architectural principles commonly used in cloud computing applications include multi-tenant, 
multi-user and multi-instance, where these applications allow at one time to serve more than one user with 
various tasks [19], [20]. Multi-tenant is an architectural principle that can be stated to be relatively new [8]. 
Unlike multi-users and multi-instances, multi-tenants are able to share one application for several tenants 
with different locations. Abdul et al. [21] they can provide great opportunities to harness the power of cloud 
infrastructure enabling the tenants to increase the consolidation of data layer operational entities to be 
dedicated, isolated, and shared. The use of infrastructure can also be done in other ways by applying a multi- 
tenant management pattern [22], [23] such as the model-view-controller (MVC), model-view-presenter 
(MVP), and model-view-view-model (MVVM). Each pattern includes some different aspects of the tenant 
management systematics. 

The components used in MVC consist of model, view and controller. The model component 
functions to determine the type of data and business logic [23]. How to retrieve and manipulate data, 
communicate with controllers, interact with databases, and occasionally update views. The advantages of 
MVC according to [24], [25] include the separated business logic from the model, supported asynchronous 
techniques, and no impacts of modifications made in one component on other components [26]. In the 
application development process using MVP, developers must take the advantage of the available time to sort 
the architecture into layers [27], [28]. The layer will share the dependencies that are commonly present in the 
view. The components used in MVC consist of model, view and presenter. MVVM architecture loosens 
relationships between components. It also works with the concept of observable [29] from one component to 
another not directly connected but through the reference contained in the observable. Its components consist 
of model, view and view model. The model component contains a code for the business logic and 
repositories. The repository's task is to bridge the requests from a view-model to a local or remote data 
source. View components have no business logic, but user-linked views extensible markup language (XML) 
only. 

In the midst of this COVID-19 pandemic, we attempted to promote the public service mall (PSM) 
implementation to create new services that enhance a positive image and responsive government 
performance. Improving the quality of public services in the regions through the development of community 
participation is still one of the priorities for the expected and sustainable regional development. The 
development of mobile applications for queuing systems in public service places such as sub-district offices, 
health centers, or banks is needed. By using this application, one can register the queue from home and come 
to the location right before the queue number gets service. This will really help to reduce the crowds in public 
places. The main contributions of this paper are summarized as follows: i) to enable the multi-tenants, as our 
target, to serve queues for several places in Bandung; ii) to build the QuAntri business logic that simplifies 
the process for multi-services in each tenant; and iii) to apply this very suitable system to support the 
prevention of the spread of COVID-19 due to the accumulation of people in accessing public services. 

The remainder of this paper is structured as follows: section 2 describes our proposed method. This 
is followed by section 3, which presents the research method. Section 4 and section 5 respectively describe 
and present the result and discussion and conclusion. 
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2. PROPOSED METHOD 

Multi-tenancy is a cloud architecture that allows each cloud service tenant to share computing power 
with other tenants [30], [31]. Tenants can be referred to as users or parties who rent a cloud service [32]. 
Cloud providers have enormous resources and each tenant will use the same resource. This system uses an 
Android-based smartphone device that bridges users to interact with the system [16]. A multi-tenancy queue 
system application will be installed on the smartphone device through the Google Play Store facility. 
Figure 1 illustrates the multi-tenant architecture. 
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Figure 1. QuAntri multi-tenant SaaS architecture 


As seen in Figure 1, the service architecture developed in QuAntri is presented as follows: i) actor 
through the user interface application (1) will send a to the application programming interface (API) server to 
request or save data (2); ii) the API is tasked as a bridge for interaction or communication between the user 
interface application and the database (3); iii) each tenant (T) has its own database, which is managed by the 
tenant administrator. Requests from users through the application interface will be directed to services that 
access the specified tenant; iv) on the API server, there is a multi-tenant context services (MTCS) layer, 
which functions as a gateway or route to access various services on the system; v) every service request from 
the actor via (1) will be verified and validated by the user authorized service, if it is valid, then it can be 
continued to other services according to the actor's request; vi) the main service in this API lies in queue 
handling, which consists of add queue to add queue to the service; fetch queue to retrieve queue data; and 
cancel queue to cancel the service; and vii) in addition, the service provides a tenant management system. 

The QuAntri system is designed for several actors with their respective roles. The actors in QuAntri 
are: i) QuAntri admin, who acts as a verifier for registered users and tenant master; ii) tenant master can 
register tenants and tenant officers as well as manages and monitors tenants (services and queues); iii) tenant 
officer can manage and monitor queues at each tenant service; and iv) users, get tenant services after 
queuing. The actors and their relationships in the QuAntri system are explained using a use case diagram as 
shown in Figure 2. 

The activities of the actors and their flow during the life cycle of the QuAntri system are master 
tenants verified by the QuAntri admin can create tenants and tenant officers. The master tenant must set 
services and queues for each tenant (service name, start, and end hours, service duration and total queues per 
day), before the tenant is published and can be accessed by users. Users verified by QuAntri admin can 
request service queues on published tenants. Tenant officers manage service queues by receiving service 
queue requests from users. The service queuing system for the user will be terminated when the user gets the 
service. 
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Figure 2. QuAntri use case diagram 


3. RESEARCH METHOD 

QuAntri system is a single software architectural pattern that runs on a server infrastructure in which 
multiple tenants can access the application. This system requires customization of one instance according to 
the multi-faceted requirements of multiple tenants where each tenant gets its own application instance. 
QuAntri provides unlimited services from tenants with an unlimited number of tenants. 

The proposed system model was only limited by the server to handle the database. Tenants who 
register will be verified by the QuAntri admin to prevent fake tenant registrations. Only verified tenants can 
access and use the features in the QuAntri system. QuAntri as a service is an alternative mode of software 
distribution in which third parties typically host applications in the cloud. Then, it is made accessible to users 
via the internet. In fact, QuAntri is a form of SaaS, which is one of the three main wings of cloud computing. 
One of the main reasons why QuAntri excels in the application development industry is because it offers an 
efficient architecture and helps to adopt a cost-cutting methodology. 


3.1. Business logic layer 
The business logic layer is basically to create classes that call methods from the data access layer 

(DAL) [33]. DAL creates classes and methods that serve to communicate with the database directly. The 
purpose of making the building logic in QuAntri is to facilitate communication with the database in which it can 
be done repeatedly. Another purpose of making the business logic is to prevent the presentation level from 
directly accessing the database to compromise data security. In its implementation, the QuAntri business logic 
defines classes and methods in the class and performs functions within the method. These functions aim to 
manipulate data from the DAL method call to be displayed on the presentation layer or vice versa, and the 
business logic layer receives data from the presentation level and manipulates it to be sent to the database. The 
features proposed in this business logic layer are to help to cut investment costs for an organization, ease in 
adding new customers, convenience in using the same application, maximizing resource use, and having 
multiple tenants in the same time frame. An overview of these features is illustrated in the explanation. 

a. Reduce investment costs, the multi-tenant architecture could reduce the long-term investment costs by 
using shared available resources. Such as where tenants share the same database and application on 
scalable server nodes. Thus, acquiring new tenants does not require redeploying the whole service. 

b. Easy to add new customers and new services, new customers can do self-registration even though they 
need to be verified by the QuAntri administrator. The configurable services allow the customers to 
specify their services or add new services. 

c. Simple application for all tenants, the application is designed by configuration first in mind. Database and 
application core configuration were hidden from the customer, while the customers (tenants) can specify 
their services using tuned configurations. 

d. Efficient resource utilization, by using shared resources, the application can improve resource utilization 
efficiency and automated resource maintenance. 

e. Multiple tenants in the same period, the multi tenancy architecture does not require each tenant to have an 
exclusive database and application. This allows single infrastructure to be used by multiple tenants at the 
same time. 
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3.2. QU-antri security model 

QuAntri is a model of cloud services with high-risk types of services and it is vulnerable to attacks 
from hackers. Many ways can be done to reduce security risks. The QuAntri security system implements a 
cloud access security algorithm to audit their network for unauthorized cloud services and compromised 
accounts in which the stages include i) the implementation of the identity and access management; ii) the 
implementation of data loss prevention, and iii) cloud data encryption. Access management system ensures 
that end users do not get access to the more resources they need for their jobs. This solution can be done by 
enabling user access to determine what files and applications a particular user can access. For this, the end- 
users will only see data they are allowed to see. 

User detection software is installed to prevent any sensitive data from being downloaded to private 
devices and to block any malware or hackers from trying to access and download data. The implementation 
of data loss prevention can be done. The collaborative monitoring of data sharing is carried out on the 
QuAntri system so that it is possible for the detection of detailed permissions on files shared with other users, 
including users outside the organization accessing files via web links. QuAntri also implements data 
encryption to protect data in storage and data in transit between end users and the cloud or between cloud 
applications. API testing on the QuAntri service system aims to validate several aspects related to the 
business logic of the system. API testing is done for functionality, performance, and security vulnerability. 
The API testing process is carried out from the user interface, and third-party software API testing. 


4. RESULTS AND DISCUSSION 

This section describes the implementation results of the proposed method for QuAntri by comparing 
the number of detected errors including multi-tenant test scenarios for public service malls. The purpose of 
this test was to examine 3 multitenant components: applications, infrastructure and networks, all of which are 
the main components of a multi-tenant program. These are usually thoroughly tested at launch with an update 
of each component. The focus was on checking the configurable and non-configurable components. Many 
scenarios were designed in which several tenants were brought in to check basic functionality. Every change 
occurred was recorded among tenants, server admins and users. In addition, application functionality was 
checked, depending on the number of tenants and users accessing it. Security tests were also required for 
QuAntri as multi-tenant applications typically are intended for an isolated use within a specific group. Thus, 
protocols for permissions, malware and unauthorized access should be checked. 


4.1. Testing scenarios 
The API test scenarios used are: 

a. Functionality test, functional testing is the first piece of API readiness. Functionality testing is done to 
find out the developed API has met the system requirements. API testing uses a realistic approach, one of 
which is by applying positive/negative testing. 

b. Security vulnerability test, security vulnerability testing on the API is intended to find out the security 
mechanisms that have been made on the API. The test methods used are SQL injection attacks, cross-site 
scripting and token and sessions. 

c. Performance test, testing the performance of the API is intended to find out whether the API responds to 
all client requests. Furthermore, performance testing also measures the response time of the system to a 
request. The tests carried out ignore the environment and hardware specifications used by the system. 


4.2. Result 
4.2.1. Results of application improvement 

The results of tests carried out on the QuAntri SaaS included data observation and database access 
[34]. Data observation was done in a way when several users performed the same action simultaneously to 
send. The data flow from each user was observed and monitored to have the flow as expected. Problems that 
may arise were when the application was reading to the database at the same time. This was due to the data 
access session on one of the tenants to the expression database. For this, the handling was done by waiting 
for a while by imposing a priority scale based on the value of the distance and the smaller access load. 

Another test result was when all tenants at the same time retrieve data from the server. Since the 
resources were shared, it was possible for tenant-1 to receive data from tenant-2. If this occurred, checked 
were made on the security system to prevent data integrity from being lost. Due to the writing of too many 
database calls, the system may experience performance degradation. Therefore, it is important to guarantee 
the data call process to the server so that all the information required is tailored to the needs of each tenant. 
Eventually, the system is able to complete tasks as intended. 

The next result is the validation process for users and tenants who requested access rights. 
Validation was carried out to ensure the uniqueness of the objects used across all tenants/users. This was 
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done so that the tenant cannot modify or delete the object. In short, data isolation was clearly defined at all 
levels. 


4.2.2. Result of network data load 

The performance of the QuAntri network system has been tested by making the system to be 
overloaded. This should be done to assist in identifying a bottleneck situation in the use of shared 
applications for use by several users/tenants. This stage has been successfully carried out and it could be 
proven that validating system stability with overload did not result in data leakage and the system remained 
stable. 

This endurance test was performed to enable the system to validate resource utilization and response 
time. Response time was measured to determine system metrics tested and system readiness. This was done 
for testing and load balancers used in certain environments. This durability testing was also carried out to 
check the reliability of the software. The reason for thorough testing was because when the number of tenants 
was increased, then the risk was greater. Therefore, the QuAntri system can be tuned for a better experience 
and optimization of resources based on these test results. 


4.2.3. Result of security testing 

Security testing is another component that must be performed as it plays a key role due to the nature 
of the system. In the QuAntri system, the main emphasis was on the SQL injection process. This was done to 
see how vulnerable the process was because if the database server/database/table was shared, it would be 
easier for one tenant/external user to inject queries in the application and exploit other tenants of data. 

This test was carried out by doing some validations at the user interface (UD level so that one of the 
tenants could try to see the data of other tenants without disturbing the usability of the system. Performing 
these tests provided sufficient confidence to track emerging feature/functional failures. Data flow and test 
automation at each node to check for data leaks could be covered and detected early. The summary of the test 
and realization targets can be seen in Table 1. 


Table 1. QuAntri test checklist 


Test criteria Target of achievement (%) Realized achievement (%) 
Functional/feature test: to test the availability of features 95 90 
by users and/or tenants. 
Performance test: to test the response time of the system to 96 91 
a request 
Security vulnerability test: emphasis on SQL injection due 100 100 


to the nature of the system. 


As seen in Table 1, a complete series of tests were carried out prior to delivering the multi-tenant 
QuAntri system to the relevant agencies. This was done because every failure in production would have a 
significant impact in terms of reputation and costs because of the involvement of many tenants. On the other 
hand, the maintenance of the QuAntri system is simple if it is done by defining/following the process 
according to the test checklist. 


4.3. Discussion 

This multi-tenant server scalability test is to analyze overall performance if one or more loading 
factors are added. The loading factors themselves generally include the number of users, the amount of data 
being managed by the application, and the number of transactions. Performance can be seen from the amount 
of load and response time given by the application. The amount of load is measured by the amount of work 
that can be done by an application within a predetermined time limit. In addition, the response time is the 
time interval required between a user in requesting the process and receiving the requested result. 

The main concern regarding this multi-tenant is the issue of reliability, that is whether this system is 
able to provide computing needs as needed and provide stability. Sharing multiple processes together, 
sending and receiving files together are some of the risks of a cloud computing server. Because it is in one 
physical server made into several virtual servers. By its own needs, the server becomes a central computer, 
which makes it must operate more than ordinary computers. As a result, the server has more special hardware 
specifications. The benefit to be gained from this research is to provide a solution to a virtual public service 
system that requires many tenants to experiment or support many users who want to get various services at 
one door. Providing solutions to the government/organizations, each of which requires its own tenants to 
produce optimal public services. 
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5. CONCLUSION 

QuAntri multi-tenant architecture was designed in such a way in which each tenant can share 
databases, tables, functionality/features, and some non-functional items. The main risks involved in this type 
of architecture are security vulnerability and the level of system isolation. In this paper, we defined the 
concept of multi-tenancy from a developer perspective for multiple tenants and multi-users. We have 
presented a scheme based on the definitions of the queuing system requirements for this pandemic so that it 
could be used to prevent crowds. In various aspects of being an agile system, we have conducted several tests 
in order to produce an ideal multi-tenant system. 
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